PT-2025-4805 · Unknown+1 · Refreshspecial Extension+1
Blankeclair
·
Published
2025-01-14
·
Updated
2025-01-14
·
CVE-2025-23072
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mediawiki - RefreshSpecial Extension versions 1.39.X through 1.39.11
Mediawiki - RefreshSpecial Extension versions 1.41.X through 1.41.3
Mediawiki - RefreshSpecial Extension versions 1.42.X through 1.42.2
Description
The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scripts into web pages.
Recommendations
For versions 1.39.X through 1.39.11, update to a version after 1.39.11.
For versions 1.41.X through 1.41.3, update to a version after 1.41.3.
For versions 1.42.X through 1.42.2, update to a version after 1.42.2.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mediawiki
Refreshspecial Extension